CSPM & SENSOR UPDATE

Share

I am a newbe. I just received 5 sensors and VMS2.0.The sensors were at version 3.0(1)S4. I downloaded IDSk9-sp-3.0-3S12 Service Pack and applied it to one of the sensors.By the way CSPM and all sensors worked at the original versions. I installed CSPM S13 on the IDS manager CSPM. I then downloaded IDSk-sig-3.0-s14 for the sensor and CSPM S14 for the CSPM. Now when I try to look at the Event viewer, it get an error that says" Your local IDS services do not appear to be running". I checked the services and"Cisco Controlled Host Component"and "Cisco Secure PostOffice" is running. Is my problem maybe a different service?

We were having the same problem with our CSPM box here. After rebuilding from scratch, updating the CSPM to S17 and importing the policy, we are getting the same errors - The Cisco PostOffice on the CSPM is not communicating properly, despite the service running under NT. To verify this, use the snoop command on the Sensor (i.e. on our 4210 I ran "snoop -d iprb1 172.16.1.33 172.16.0.5 udp). I only saw udp 45000 from sensor to the CSPM, not anything back.

Haven't opened a TAC case yet, but will post here when we find a resolution.

Reinstalled CSPM from scratch, upgraded to 2.3.3, updated the signatures, imported the old topology and everything is fine. All of the exact same steps I did last time, but this time it's fine. I hate that...at least it works.